Show vulnerable lines of file on vulnerability details page
What does this MR do and why?
This MR shows the vulnerable lines in the file on the vulnerability details page, if the vulnerability was found in a file and there is a start line. If there was an error loading the file contents, an error will be shown. If the file was not found, a warning will be shown (this matches the behavior of what happens when you try to view a file that doesn't exist).
File contents | Loading error | File not found warning |
---|---|---|
(screenshot) | (screenshot) | (screenshot) |

Peek_2023-08-03_23-20
How to set up and validate locally
- Clone this project: https://gitlab.com/gitlab-org/security-products/tests/webgoat.net
- Run a pipeline against the master branch.
- Go to the vulnerability report and click on any vulnerability.
- Verify that the file contents are shown.
- To verify the warning state, clone this project: https://gitlab.com/gitlab-examples/security/security-reports and do the same as above, but for a SAST vulnerability. The report has dummy data, so the files don't exist in the project.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #418856 (closed)
Edited by Daniel Tian